1.\" Copyright (c) 1995, 1996 2.\" Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by Bill Paul. 15.\" 4. Neither the name of the author nor the names of contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 
30.\" 31.Dd February 8, 1996 32.Dt RPC.YPPASSWDD 8 33.Os 34.Sh NAME 35.Nm rpc.yppasswdd 36.Nd "server for updating NIS passwords" 37.Sh SYNOPSIS 38.Nm 39.Op Fl t Ar master.passwd template file 40.Op Fl d Ar default domain 41.Op Fl p Ar path 42.Op Fl s 43.Op Fl f 44.Op Fl a 45.Op Fl m 46.Op Fl i 47.Op Fl v 48.Op Fl u 49.Op Fl h 50.Sh DESCRIPTION 51The 52.Nm 53utility allows users to change their NIS passwords and certain 54other information using the 55.Xr yppasswd 1 56and 57.Xr ypchpass 1 58commands. 59The 60.Nm 61utility 62is an RPC-based server that accepts incoming password change requests, 63authenticates them, places the updated information in the 64.Pa /var/yp/master.passwd 65template file and then updates the NIS 66.Pa master.passwd 67and 68.Pa passwd 69maps. 70.Pp 71The 72.Nm 73utility allows a normal NIS user to change 74his or her NIS password, full name (also 75known as 'GECOS' field) or shell. 76These updates are typically done using 77the 78.Xr yppasswd 1 , 79.Xr ypchfn 1 , 80.Xr ypchsh 1 , 81or 82.Xr ypchpass 1 83commands. 84(Some administrators do not want users to be able to change their 85full name information or shells; the server can be invoked with option flags 86that disallow such changes.) 87When the server receives an update request, 88it compares the address of the client making the request against the 89.Pa securenets 90rules outlined in 91.Pa /var/yp/securenets . 92(See the 93.Xr ypserv 8 94manual page for more information on securenets; the 95.Nm 96utility uses the same access control mechanism as 97.Xr ypserv 8 . ) 98.Pp 99The server then 100checks the 'old' password supplied by the user to make sure it is 101valid, then performs some sanity checks on the updated information (these 102include checking for embedded control characters, colons or invalid shells). 
Once it is satisfied that the update request is valid, the server modifies
the template password file (the default is
.Pa /var/yp/master.passwd )
and then runs the
.Pa /usr/libexec/yppwupdate
script to rebuild the NIS maps.
(This script has two arguments passed
to it: the absolute pathname of the password template that was modified
and the name of the domain that is to be updated.
These in turn are
passed to
.Pa /var/yp/Makefile ) .
.Pp
The
.Fx
version of
.Nm
also allows the super-user on the NIS master server to perform more
sophisticated updates on the NIS passwd maps.
The super-user can modify
any field in any user's master.passwd entry in any domain, and can
do so without knowing the user's existing NIS password (when the server
receives a request from the super-user, the password authentication
check is bypassed).
Furthermore, if the server is invoked with the
.Fl a
flag, the super-user can even add new entries to the maps using
.Xr ypchpass 1 .
Again, this only applies to the super-user on the NIS
master server: none of these special functions can be performed over
the network.
.Pp
The
.Nm
utility can only be run on a machine that is an NIS master server.
.Sh OPTIONS
The following options are available:
.Bl -tag -width indent
.It Fl t Ar master.passwd template file
By default,
.Nm
assumes that the template file used to generate the
.Pa master.passwd
and
.Pa passwd
maps for the default domain is called
.Pa /var/yp/master.passwd .
This default can be overridden by specifying an alternate file name
with the
.Fl t
flag.
.Pp
Note: if the template file specified with this flag is
.Pa /etc/master.passwd ,
.Nm
will also automatically invoke
.Xr pwd_mkdb 8
to rebuild the local password databases in addition to the NIS
maps.
.It Fl d Ar domain
The
.Nm
utility can support multiple domains, but it must
choose one domain as a default.
It will try to use the system default domain name as set by the
.Xr domainname 1
command for this default.
However,
if the system domain name is not
set, a default domain must be specified on
the command line.
If the system default domain is set,
then this option can be used to override it.
.It Fl p Ar path
This option can be used to override the default path to
the location of the NIS
map databases.
The compiled-in default path is
.Pa /var/yp .
.It Fl s
Disallow changing of shell information.
.It Fl f
Disallow changing of full name ('GECOS') information.
.It Fl a
Allow additions to be made to the NIS passwd databases.
The super-user on the
NIS master server is permitted to use the
.Xr ypchpass 1
command to perform unrestricted modifications to any field in a user's
.Pa master.passwd
map entry.
When
.Nm
is started with this flag, it will also allow the super-user to add new
records to the NIS passwd maps, just as is possible when using
.Xr chpass 1
to modify the local password database.
.It Fl m
Turn on multi-domain mode.
Even though
.Xr ypserv 8
can handle several simultaneous domains, most implementations of
.Nm
can only operate on a single NIS domain, which is generally the same as
the system default domain of the NIS master server.
The
.Fx
.Nm
attempts to overcome this problem in spite of the inherent limitations
of the
.Pa yppasswd
protocol, which does not allow for a
.Pa domain
argument in client requests.
In multi-domain mode,
.Nm
will search through all the passwd maps of all the domains it
can find under
.Pa /var/yp
until it finds an entry that matches the user information specified in
a given update request.
(Matches are determined by checking the username,
UID and GID fields.)
The matched entry and corresponding domain are then
used for the update.
.Pp
Note that in order for multi-domain mode to work, there have to be
separate template files for each domain.
For example, if a server
supports three domains,
.Pa foo ,
.Pa bar ,
and
.Pa baz ,
there should be three separate master.passwd template files called
.Pa /var/yp/foo/master.passwd ,
.Pa /var/yp/bar/master.passwd ,
and
.Pa /var/yp/baz/master.passwd .
If
.Pa foo
happens to be the system default domain, then its template file can
be either
.Pa /var/yp/foo/master.passwd
or
.Pa /var/yp/master.passwd .
The server will check for the latter file first and then use the former
if it cannot find it.
.Pp
Multi-domain mode is off by default since it can fail if there are
duplicate or near-duplicate user entries in different domains.
The server
will abort an update request if it finds more than one user entry that
matches its search criteria.
Even so, paranoid administrators
may wish to leave multi-domain mode disabled.
.It Fl i
If
.Nm
is invoked with this flag, it will perform map updates in place.
This
means that instead of just modifying the password template file and
starting a map update, the server will modify the map databases
directly.
This is useful when the password maps are large: if, for
example, the password database has tens of thousands of entries, it
can take several minutes for a map update to complete.
Updating the
maps in place reduces this time to a few seconds.
.It Fl v
Turn on verbose logging mode.
The server normally only logs messages
using the
.Xr syslog 3
facility when it encounters an error condition, or when processing
updates for the super-user on the NIS master server.
Running the server
with the
.Fl v
flag will cause it to log informational messages for all updates.
.It Fl u
Many commercial
.Xr yppasswd 1
clients do not use a reserved port when sending requests to
.Nm .
This is either because the
.Xr yppasswd 1
program is not installed set-uid root, or because the RPC
implementation does not place any emphasis on binding to reserved
ports when establishing client connections for the super-user.
By default,
.Nm
expects to receive requests from clients using reserved ports; requests
received from non-privileged ports are rejected.
Unfortunately, this
behavior prevents any client systems that do not use privileged
ports from successfully submitting password updates.
Specifying
the
.Fl u
flag to
.Nm
disables the privileged port check so that it will work with
.Xr yppasswd 1
clients that do not use privileged ports.
This reduces security to a small degree: the reserved source port is the
server's only indication that the request was sent by a privileged
process on the client rather than by an arbitrary user there.
It might nonetheless be necessary in cases where it is not possible to
change the client behavior.
.It Fl h
Display the list of flags and options understood by
.Nm .
.El
.Sh FILES
.Bl -tag -width Pa -compact
.It Pa /usr/libexec/yppwupdate
The script invoked by
.Nm
to update and push the NIS maps after
an update.
.It Pa /var/yp/master.passwd
The template password file for the default domain.
.It Pa /var/yp/[domainname]/[maps]
The NIS maps for a particular NIS domain.
.It Pa /var/yp/[domainname]/master.passwd
The template password file(s) for non-default domains
(used only in multi-domain mode).
.El
.Sh SEE ALSO
.Xr yp 8 ,
.Xr yppush 8 ,
.Xr ypserv 8 ,
.Xr ypxfr 8
.Sh AUTHORS
.An Bill Paul Aq Mt wpaul@ctr.columbia.edu
.Sh BUGS
As listed in the yppasswd.x protocol definition, the YPPASSWDPROC_UPDATE
procedure takes two arguments: a V7-style passwd structure containing
updated user information and the user's existing unencrypted (cleartext)
password.
Since
.Nm
is supposed to handle update requests from remote NIS client machines,
this means that
.Xr yppasswd 1
and similar client programs will in fact be transmitting users' cleartext
passwords over the network.
.Pp
This is not a problem for password updates since the plaintext password
sent with the update will no longer be valid once the new encrypted password
is put into place, but if the user is only updating his or her 'GECOS'
information or shell, then the cleartext password sent with the update
will still be valid once the update is completed.
If the network is
insecure, this cleartext password could be intercepted and used to
gain unauthorized access to the user's account.
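.Pp
The following is an added example, written for this page rather than
taken from
.Nm
itself, of two of the checks described above: the reserved-port policy
that the
.Fl u
flag relaxes, and the sanity checks on an updated full-name or shell
field (no control characters, no colons, and a recognised shell).
The shell list, the client addresses and the
.Fn check_update
interface are constructed for the example; a real server would take the
client address from the RPC transport and the shell list from
.Xr getusershell 3 .

```c
/*
 * Added example (not code from rpc.yppasswdd): two of the request checks
 * described on this page.
 *
 *  1. the request must arrive from a reserved source port unless the
 *     administrator opted out (the -u flag);
 *  2. an updated GECOS or shell field must contain no control characters
 *     or colons, and the shell must be one the server recognises.
 *
 * The field checks exist so that an update cannot change the number of
 * fields (':') or records ('\n') in the colon-separated master.passwd
 * template that the server rewrites.  The shell list is constructed for
 * the example; a real server would consult getusershell(3).
 */
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ctype.h>
#include <string.h>

#ifndef IPPORT_RESERVED
#define IPPORT_RESERVED 1024
#endif

/* Constructed stand-in for the list getusershell(3) would return. */
static const char *const valid_shells[] = {
	"/bin/sh", "/bin/csh", "/bin/tcsh", NULL
};

enum update_status {
	UPD_OK = 0,
	UPD_BAD_PORT,	/* non-reserved source port and -u not given */
	UPD_BAD_GECOS,	/* control character or ':' in the full-name field */
	UPD_BAD_SHELL	/* control character, ':' or unlisted shell */
};

/* A passwd field may not contain the field separator or any control
 * character (a newline would begin a new record; no other control
 * character is ever legitimate in a passwd entry). */
static int
field_is_clean(const char *s)
{
	for (; *s != '\0'; s++)
		if (*s == ':' || iscntrl((unsigned char)*s))
			return 0;
	return 1;
}

static int
shell_is_listed(const char *shell)
{
	for (const char *const *p = valid_shells; *p != NULL; p++)
		if (strcmp(*p, shell) == 0)
			return 1;
	return 0;
}

/* Default privileged-port policy: the source port must be below
 * IPPORT_RESERVED, which only root on the client could have bound.
 * allow_unprivileged corresponds to running with -u. */
static int
port_is_acceptable(const struct sockaddr_in *from, int allow_unprivileged)
{
	return allow_unprivileged || ntohs(from->sin_port) < IPPORT_RESERVED;
}

enum update_status
check_update(const struct sockaddr_in *from, int allow_unprivileged,
    const char *new_gecos, const char *new_shell)
{
	if (!port_is_acceptable(from, allow_unprivileged))
		return UPD_BAD_PORT;
	if (!field_is_clean(new_gecos))
		return UPD_BAD_GECOS;
	if (!field_is_clean(new_shell) || !shell_is_listed(new_shell))
		return UPD_BAD_SHELL;
	return UPD_OK;
}

/* Builds a client address for the example (constructed input). */
struct sockaddr_in
client_from(const char *ip, unsigned short port)
{
	struct sockaddr_in sa;

	memset(&sa, 0, sizeof sa);
	sa.sin_family = AF_INET;
	sa.sin_port = htons(port);
	inet_pton(AF_INET, ip, &sa.sin_addr);
	return sa;
}
```

Note that a GECOS value such as "Bill Paul\\nroot::0:0::0:0::/root:/bin/sh"
is rejected by the control-character rule alone: the embedded newline would
otherwise be written to the template as a second, attacker-chosen record.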
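.Pp
The multi-domain search behind the
.Fl m
flag, as a further added example that is not code from
.Nm :
every domain's map is scanned for an entry whose name, UID and GID all
match the request; a single match selects the domain, and zero or more
than one match aborts the update, which is the duplicate-entry failure
described above.
The domains, their entries and the two
.Fn exists
stand-ins for
.Xr stat 2
are constructed for the example so that it runs without a
.Pa /var/yp
tree; the template-file precedence for the default domain follows the
order given above.

```c
/*
 * Added example (not rpc.yppasswdd's own code): the multi-domain (-m)
 * lookup described on this page.  A yppasswd request carries no domain,
 * so the server must find the one domain whose passwd map holds the
 * user.  Matching on name, UID and GID together, and refusing to go on
 * after a second match, is what keeps an update from landing in the
 * wrong domain.  The maps below are constructed for the example; the
 * real server reads them from under /var/yp.
 */
#include <stdio.h>
#include <string.h>

struct pw_entry { const char *name; unsigned uid; unsigned gid; };
struct domain   { const char *name; const struct pw_entry *entries; size_t n; };

/* Constructed maps for three domains; "alice" exists in both foo and
 * bar with identical UID/GID so the ambiguous case can be exercised. */
static const struct pw_entry foo_entries[] = { {"alice", 1001, 1001}, {"bob", 1002, 1002} };
static const struct pw_entry bar_entries[] = { {"alice", 1001, 1001}, {"carol", 1003, 1003} };
static const struct pw_entry baz_entries[] = { {"dave", 1004, 1004} };
static const struct domain domains[] = {
	{"foo", foo_entries, 2}, {"bar", bar_entries, 2}, {"baz", baz_entries, 1},
};
#define NDOMAINS (sizeof domains / sizeof domains[0])

enum lookup_result { LOOKUP_FOUND = 0, LOOKUP_NONE, LOOKUP_AMBIGUOUS };

/* On LOOKUP_FOUND, *which names the domain whose map is to be updated. */
enum lookup_result
find_update_domain(const char *name, unsigned uid, unsigned gid, const char **which)
{
	const char *found = NULL;

	*which = NULL;
	for (size_t d = 0; d < NDOMAINS; d++) {
		for (size_t i = 0; i < domains[d].n; i++) {
			const struct pw_entry *e = &domains[d].entries[i];

			if (strcmp(e->name, name) != 0 || e->uid != uid || e->gid != gid)
				continue;
			if (found != NULL)
				return LOOKUP_AMBIGUOUS;	/* second match anywhere: abort */
			found = domains[d].name;
		}
	}
	if (found == NULL)
		return LOOKUP_NONE;
	*which = found;
	return LOOKUP_FOUND;
}

/* Path of the template file the server would rewrite.  For the system
 * default domain, /var/yp/master.passwd is tried first and then the
 * per-domain /var/yp/<domain>/master.passwd; `exists` stands in for a
 * stat(2) of the candidate so the example needs no real /var/yp.
 * Returns 1 and fills `out` when a template is found, 0 otherwise. */
int
template_path(const char *domain, const char *default_domain,
    int (*exists)(const char *), char *out, size_t outlen)
{
	if (strcmp(domain, default_domain) == 0) {
		snprintf(out, outlen, "/var/yp/master.passwd");
		if (exists(out))
			return 1;
	}
	snprintf(out, outlen, "/var/yp/%s/master.passwd", domain);
	return exists(out) ? 1 : 0;
}

/* Two constructed stand-ins for stat(2): one where every candidate path
 * exists, one where only the per-domain template files exist. */
int every_path_exists(const char *path) { (void)path; return 1; }
int only_per_domain_templates(const char *path)
{
	return strcmp(path, "/var/yp/master.passwd") != 0;
}
```

The LOOKUP_AMBIGUOUS result is the reason the page recommends leaving
.Fl m
off unless it is needed: with two domains sharing a user entry, no update
for that user can ever succeed, and a near-duplicate (same name, different
UID) simply fails to match at all.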